• Airport takes down free WiFi, scales down website in wake of cyberattack on Atlanta computers

Airport takes down free WiFi, scales down website in wake of cyberattack on Atlanta computers

Time to read
2 minutes
Read so far

Airport takes down free WiFi, scales down website in wake of cyberattack on Atlanta computers

Fri, 03/23/2018 - 16:55
Posted in:
0 comments

In a story first reported by 11Alive, city of Atlanta computers have been cyber attacked by ransomware that has encrypted some personal and financial data.

Author: Tim Darnell
Published: 10:03 AM EDT March 23, 2018
Updated: 10:20 AM EDT March 23, 2018

 

ATLANTA – In the wake of a cyberattack on city of Atlanta computers, Hartsfield-Jackson Atlanta International Airport has taken precautions to ensure computers at the world's busiest air terminal remain unaffected.

According to airport spokesman Reese McCranie, the airport has taken down its free public WiFi and also removed some of its website’s functionality that lists flight information and wait times.

In a story first reported by 11Alive, city of Atlanta computers have been cyber attacked by ransomware that has encrypted some personal and financial data.

"We don't know the extent of the attack," said Atlanta Mayor Keisha Lance Bottoms in a Thursday afternoon press conference. Atlanta COO Richard Cox said public safety, water and airport operations departments have not been affected.

READ | What to know about the City of Atlanta cyberattack

Officials also said Thursday afternoon they are working with the FBI, U.S. Department of Homeland Security, Cisco cybersecurity officials and Microsoft to determine what information has been accessed and how to resolve the situation.

Bottoms said everyone who has done business with the city is potentially at risk, and advised businesses and consumers to check their bank accounts.

READ | What to do after a data breach or cyberattack

READ | Cyberattack hits Atlanta computers | 'Everyone who has done business' with city may be at risk

A screenshot sent to 11Alive from a city employee and analyzed by technical expert and Kennesaw State University professor Andrew Green, shows a bitcoin demand of $6,800 per unit, or $51,000 to unlock the entire system.

Emails have been sent to city employees in multiple departments telling them to unplug their computers if they notice suspicious activity. Professor Green said that directive and the note itself is indicative of a serious ransomware attack.

One expert said based on the language used in the message, the attack resembles the "MSIL" or "Samas" (SAMSAM) ransomware strain that has been around since at least 2016.

According to the U.S. Department of Justice, the SAMSAM strain was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application.

SAMSAM exploits vulnerable Java-based Web servers, using open-source tools to identify and compile a list of hosts reporting to the victim’s active directory. The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system. The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim.